CN112422510B - Data transmission method and system based on DMZ zone - Google Patents

Data transmission method and system based on DMZ zone

Info

Publication number
CN112422510B
Authority
CN
China
Prior art keywords
data
enterprise
exchange platform
sharing exchange
end processor
Prior art date
Legal status
Active
Application number
CN202011139340.4A
Other languages
Chinese (zh)
Other versions
CN112422510A (en)
Inventor
张鹏
庄欢
Current Assignee
Inspur General Software Co Ltd
Original Assignee
Shandong Inspur Genersoft Information Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Shandong Inspur Genersoft Information Technology Co Ltd
Priority to CN202011139340.4A
Publication of CN112422510A
Application granted
Publication of CN112422510B
Active (current legal status)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218 Distributed architectures, e.g. distributed firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a data transmission method and system based on a DMZ zone. The method comprises the following steps: in response to a data acquisition task sent by a second enterprise and received by the front-end processor, an application program of a first enterprise acquires source data based on the data acquisition standard in the data acquisition task and sends the source data to the data sharing exchange platform; the data sharing exchange platform of the first enterprise processes the source data based on the acquired data standard, then encrypts the processed data and sends the encrypted data to the second enterprise through the front-end processor. Embodiments of the invention achieve network isolation through the network environment configuration of the DMZ zone, thereby protecting the internal network of the enterprise; achieve data encryption through an encryption algorithm, thereby securing the data in transit; and adopt a sub-packet mode for unstructured data, which reduces the data volume of each transmission and maintains transmission efficiency.

Description

Data transmission method and system based on DMZ zone
Technical Field
The present invention relates to the field of data transmission technologies, and in particular, to a data transmission method and system based on a DMZ zone.
Background
Data sharing among enterprises has become a hot topic, and the value brought by data is gradually being accepted by enterprises. At present, enterprises generally implement network isolation by setting up a demilitarized zone (DMZ), so how to perform secure and effective data transmission and data sharing between enterprises while still protecting each enterprise's internal network has become an important research direction.
Disclosure of Invention
The invention aims to solve, at least to a certain extent, the following technical problem:
the transmission of data held inside an enterprise has low security, and its efficiency is not guaranteed.
In a first aspect, an embodiment of the present invention provides a data transmission method based on a DMZ zone, where each enterprise is correspondingly provided with an application program, a data sharing exchange platform, and a front-end processor, where the application program is used to manage internal data of the enterprise, each data sharing exchange platform is arranged in the respective DMZ zone of its enterprise, each front-end processor is arranged in the same network environment, and the enterprises include at least a first enterprise and a second enterprise, and the method includes:
responding to a data acquisition task sent by a second enterprise and received by the front-end processor, an application program of a first enterprise acquires source data based on data acquisition standards in the data acquisition task and sends the source data to the data sharing exchange platform;
and the data sharing exchange platform of the first enterprise encrypts data after processing the source data based on the acquired data standard, and sends the encrypted data to the second enterprise through the front-end processor.
In some examples, the step in which the application program of the first enterprise responds to the data acquisition task received by the front-end processor and sent by the second enterprise includes:
after receiving data acquisition tasks sent by other enterprises, the front-end processor of the first enterprise sends the data acquisition tasks to the first enterprise data sharing exchange platform;
the data sharing exchange platform of the first enterprise decrypts the acquired data task to obtain the acquired data standard;
and the data sharing exchange platform of the first enterprise sends the collected data standard to the application program, so that the application program obtains source data according to the collected data standard.
In some examples, the source data includes structured data and unstructured data, and acquiring the source data based on the data acquisition standard in the data acquisition task and sending the source data to the data sharing exchange platform includes:
the application program of the first enterprise respectively acquires structured data and unstructured data according to the acquisition standard and respectively sends the structured data and the unstructured data to the data sharing exchange platform.
In some examples, respectively sending the structured data and the unstructured data to the data sharing exchange platform comprises:
the application program of the first enterprise packages the structured data into a DB file database, packages and names the unstructured data according to a preset format, and sends the packaged data to the data sharing exchange platform of the first enterprise.
In some examples, the data sharing exchange platform of the first enterprise performs data encryption after performing data processing on the source data based on the collected data standard, and sends the encrypted data to the second enterprise through the front-end processor, including:
the data sharing exchange platform of the first enterprise extracts the source data based on the acquired data standard, packages and encrypts the extracted source data, and sends the encrypted data to the second enterprise through the front-end processor of the first enterprise.
In some examples, each enterprise's data sharing exchange platform has a respective symmetric key and asymmetric key pair, the asymmetric key pair comprising a public key and a private key;
the data sharing exchange platform of the first enterprise encrypts data after processing the source data based on the collected data standard, and sends the encrypted data to the second enterprise through the front-end processor, including:
the data sharing exchange platform of the first enterprise encrypts the data with its own symmetric key, encrypts that symmetric key with the public key of the data sharing exchange platform of the second enterprise, packages the two encrypted parts together, and sends the package to the second enterprise through the front-end processor.
In a second aspect, the present invention provides a data transmission method based on DMZ zones, where each enterprise is correspondingly provided with an application program, a data sharing exchange platform, and a front-end processor, where the application program is used to manage internal data of the enterprise, each data sharing exchange platform is arranged in the respective DMZ zone of its enterprise, each front-end processor is arranged in the same network environment, and the enterprises include at least a first enterprise and a second enterprise, and the method includes:
a data sharing exchange platform of a second enterprise generates a data acquisition task, and the data acquisition task is sent to a first enterprise through a front-end processor, so that the first enterprise acquires data based on the data acquisition task, encrypts the data and sends the encrypted data to the second enterprise;
and after receiving the encrypted data of the first enterprise, the front-end processor of the second enterprise decrypts the encrypted data through the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task.
In some examples, the data sharing exchange platform of the second enterprise generates a data collection task, and sends the data collection task to the first enterprise through the front-end processor, so that the first enterprise collects data based on the data collection task and sends the data to the second enterprise after encrypting, including:
the data sharing exchange platform of the second enterprise generates a data acquisition standard, and encrypts the data acquisition standard to obtain a data acquisition task;
and the front-end processor of the second enterprise sends the data acquisition task to the first enterprise, so that the first enterprise decrypts the data acquisition task to obtain a data acquisition standard, acquires data based on the data acquisition standard, encrypts the data and sends the data to the second enterprise.
In some examples, each enterprise's data sharing exchange platform has a symmetric key and an asymmetric key pair, the asymmetric key pair comprising a public key and a private key;
after receiving the encrypted data of the first enterprise, the front-end processor of the second enterprise decrypts the encrypted data through the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task, including:
the data sharing exchange platform of the second enterprise decrypts the first data in the encrypted data through a private key of the data sharing exchange platform of the second enterprise to obtain a symmetric key of the data sharing exchange platform of the first enterprise;
and the data sharing exchange platform of the second enterprise decrypts the second data in the encrypted data through the symmetric key to obtain the data acquired by the second enterprise based on the data acquisition task.
In a third aspect, an embodiment of the present invention provides a data transmission system based on a DMZ zone, where each enterprise in the system is correspondingly provided with an application program, a data sharing exchange platform, and a front-end processor, where the application program is used to manage data inside the enterprise, each data sharing exchange platform is provided in the respective DMZ zone of its enterprise, each front-end processor is provided in the same network environment, and the enterprises include at least a first enterprise and a second enterprise,
the application program of the first enterprise is used for responding to a data acquisition task received by the front-end processor and sent by a second enterprise, acquiring source data based on data acquisition standards in the data acquisition task, and sending the source data to the data sharing exchange platform;
the data sharing exchange platform of the first enterprise is used for carrying out data encryption after carrying out data processing on the source data based on the acquired data standard, and sending the encrypted data to the second enterprise through the front-end processor;
the data sharing exchange platform of the second enterprise is used for generating a data acquisition task and sending the data acquisition task to the first enterprise through the front-end processor, so that the first enterprise acquires data based on the data acquisition task, encrypts the data and sends the encrypted data to the second enterprise; and the front-end processor of the second enterprise is used for, after receiving the encrypted data of the first enterprise, decrypting the encrypted data through the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task.
With the data transmission method and system based on the DMZ zone, network isolation is realized through the network environment configuration of the DMZ zone, which solves the problem of protecting the internal network of an enterprise; data encryption is realized through an encryption algorithm, which ensures the security of data transmission; and a sub-packet mode is adopted for unstructured data, which reduces the data volume of each transmission and maintains data transmission efficiency.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic diagram of a DMZ-based data transmission system framework according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of a data transmission method based on a DMZ zone according to an embodiment of the present invention;
fig. 3 is a schematic flow chart of another data transmission method based on DMZ zones according to an embodiment of the present invention;
fig. 4 is a schematic diagram of an encryption process according to an embodiment of the present invention.
Detailed Description
In order to more clearly explain the overall concept of the present application, the following detailed description is given by way of example in conjunction with the accompanying drawings.
Fig. 1 is a schematic diagram of a data transmission system framework based on a DMZ zone according to an embodiment of the present invention, and as shown in fig. 1, the system includes a plurality of enterprises, each of which is provided with an application program, a data sharing exchange platform, and a front-end processor.
In particular, the application is used for managing data within an enterprise, and may be, for example, a business management system within the enterprise; each data sharing exchange platform is arranged in a respective DMZ zone of each enterprise; each front-end processor is arranged in the same network environment and can communicate with each other.
In some examples, the enterprises include at least a first enterprise and a second enterprise. In some specific application scenarios of the present invention, the second enterprise is a superior enterprise of the first enterprise.
Specifically, the application program of the first enterprise is used for responding to a data acquisition task received by the front-end processor and sent by the second enterprise, acquiring source data based on the data acquisition standard in the data acquisition task, and sending the source data to the data sharing exchange platform;
specifically, the data sharing exchange platform of the first enterprise is configured to process the source data based on the acquired data standard, then encrypt the processed data, and send the encrypted data to the second enterprise through the front-end processor;
specifically, the data sharing exchange platform of the second enterprise is used for generating a data acquisition task and sending the data acquisition task to the first enterprise through the front-end processor, so that the first enterprise acquires data based on the data acquisition task, encrypts the data and sends the encrypted data to the second enterprise; and the front-end processor of the second enterprise is used for, after receiving the encrypted data of the first enterprise, decrypting the encrypted data through the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task.
The following describes a specific implementation and functions of the above system in the embodiment of the present invention with reference to fig. 2.
Fig. 2 is a schematic flow chart of a data transmission method based on a DMZ zone according to an embodiment of the present invention, as shown in fig. 2, the method includes:
S201, an application program of a first enterprise responds to a data acquisition task received by a front-end processor and sent by a second enterprise, obtains source data based on the data acquisition standard in the data acquisition task, and sends the source data to a data sharing exchange platform.
S202, the data sharing exchange platform of the first enterprise carries out data processing on the source data based on the acquired data standard, then carries out data encryption, and sends the encrypted data to the second enterprise through the front-end processor.
In some preferred embodiments, the step in which the application program of the first enterprise responds to the data acquisition task received by the front-end processor and sent by the second enterprise comprises:
after receiving data acquisition tasks sent by other enterprises, the front-end processor of the first enterprise sends the data acquisition tasks to the first enterprise data sharing exchange platform;
the data sharing exchange platform of the first enterprise decrypts the acquired data task to obtain the acquired data standard;
and the data sharing exchange platform of the first enterprise sends the acquired data standard to the application program, so that the application program acquires source data according to the acquired data standard.
In some preferred embodiments, the source data includes structured data and unstructured data, and accordingly, acquiring the source data based on the data acquisition standard in the data acquisition task and sending the source data to the data sharing exchange platform includes:
the application program of the first enterprise respectively acquires structured data and unstructured data according to the acquisition standard and respectively sends the structured data and the unstructured data to the data sharing exchange platform.
Specifically, the application program of the first enterprise packages the structured data into a DB file database, packages and names the unstructured data according to a preset format, and sends each packaged item to the data sharing exchange platform of the first enterprise.
In some embodiments, an item of unstructured data larger than 50M is sent as a zip packet of its own, while items of unstructured data smaller than 50M are bundled into a zip packet, and the zip packets are reported one by one.
In some embodiments, the zip packages of unstructured data are named uniformly, and the naming format can be unified social credit code_service code_version number_timestamp_uuid.
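An added example, not code from the patent or its assignee, of the split-and-name rule from the two paragraphs above together with the check a receiving platform would run on a reported packet name. The threshold is a parameter instead of the patent's 50M so the demo runs on tiny inputs; the File, Packet and Namer types, the credit code and service code values, and the strictness of the name regular expression are this example's own assumptions.

```go
package main

import (
	"archive/zip"
	"bytes"
	"crypto/rand"
	"fmt"
	"regexp"
	"time"
)

// File is one unstructured item handed over by the application program.
type File struct {
	Name string
	Data []byte
}

// Packet is one zip packet as reported to the data sharing exchange platform.
type Packet struct {
	Name    string   // <credit code>_<service code>_<version>_<timestamp>_<uuid>.zip
	Members []string // names of the files inside the packet
	Zip     []byte   // the zip archive itself
}

// Namer holds the fixed naming fields; the values used in main are constructed.
type Namer struct {
	CreditCode  string // 18-character unified social credit code
	ServiceCode string
	Version     string
}

// makePacket zips one group of files and names the packet per the convention,
// with a random version-4 UUID built from crypto/rand (no uuid package needed).
func (n Namer) makePacket(group []File) (Packet, error) {
	u := make([]byte, 16)
	if _, err := rand.Read(u); err != nil {
		return Packet{}, err
	}
	u[6], u[8] = (u[6]&0x0f)|0x40, (u[8]&0x3f)|0x80 // RFC 4122 version and variant bits
	p := Packet{Name: fmt.Sprintf("%s_%s_%s_%s_%x-%x-%x-%x-%x.zip", n.CreditCode,
		n.ServiceCode, n.Version, time.Now().UTC().Format("20060102150405"),
		u[0:4], u[4:6], u[6:8], u[8:10], u[10:])}
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for _, f := range group {
		w, err := zw.Create(f.Name)
		if err != nil {
			return Packet{}, err
		}
		if _, err := w.Write(f.Data); err != nil {
			return Packet{}, err
		}
		p.Members = append(p.Members, f.Name)
	}
	if err := zw.Close(); err != nil {
		return Packet{}, err
	}
	p.Zip = buf.Bytes()
	return p, nil
}

// Package applies the split rule: a file larger than threshold becomes a packet of
// its own and all smaller files are bundled into one packet (a file exactly at the
// threshold is bundled; that is an assumption, the text does not say).
func Package(n Namer, files []File, threshold int) ([]Packet, error) {
	out, small := []Packet{}, []File{}
	for _, f := range files {
		if len(f.Data) <= threshold {
			small = append(small, f)
			continue
		}
		p, err := n.makePacket([]File{f})
		if err != nil {
			return nil, err
		}
		out = append(out, p)
	}
	if len(small) > 0 {
		p, err := n.makePacket(small)
		if err != nil {
			return nil, err
		}
		out = append(out, p)
	}
	return out, nil
}

// packetNameRe is the receiving platform's check that a reported name follows the
// convention and nothing else (no path separators, no extra fields); the exact
// field alphabets are an assumption about how strict the check should be.
var packetNameRe = regexp.MustCompile(
	`^[0-9A-Z]{18}_[A-Za-z0-9]+_[A-Za-z0-9.]+_[0-9]{14}_[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\.zip$`)

// ValidPacketName reports whether name matches the naming convention.
func ValidPacketName(name string) bool { return packetNameRe.MatchString(name) }

func main() {
	n := Namer{CreditCode: "91370000MA3ABC1234", ServiceCode: "SVC01", Version: "v1"} // constructed
	packets, err := Package(n, []File{{"big.bin", make([]byte, 3000)}, {"a.txt", []byte("alpha")}}, 1024)
	for _, p := range packets {
		fmt.Println(p.Name, p.Members, ValidPacketName(p.Name))
	}
	fmt.Println("err:", err)
}
```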
In some embodiments, each enterprise's data sharing exchange platform has a respective symmetric key and asymmetric key pair, the asymmetric key pair comprising a public key and a private key.
Correspondingly, the data sharing exchange platform of the first enterprise encrypts the data after performing data processing on the source data based on the acquired data standard, and sends the encrypted data to the second enterprise through the front-end processor, including:
the data sharing exchange platform of the first enterprise encrypts the data with its own symmetric key, encrypts that symmetric key with the public key of the data sharing exchange platform of the second enterprise, packages the two encrypted parts together, and sends the package to the second enterprise through the front-end processor.
Fig. 3 is a schematic flow chart of another data transmission method based on DMZ zones according to an embodiment of the present invention, as shown in fig. 3, the method includes:
S301, a data sharing exchange platform of a second enterprise generates a data acquisition task and sends the data acquisition task to a first enterprise through a front-end processor, so that the first enterprise acquires data based on the data acquisition task, encrypts the data and sends the encrypted data to the second enterprise;
S302, after receiving the encrypted data of the first enterprise, the front-end processor of the second enterprise decrypts the encrypted data through the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task.
In some examples, the data sharing exchange platform of the second enterprise generates a data collection task, and sends the data collection task to the first enterprise through the front-end processor, so that the first enterprise collects data based on the data collection task and sends the data to the second enterprise after encrypting, including:
the data sharing exchange platform of the second enterprise generates a data acquisition standard, and encrypts the data acquisition standard to obtain a data acquisition task;
and the front-end processor of the second enterprise sends the data acquisition task to the first enterprise, so that the first enterprise decrypts the data acquisition task to obtain a data acquisition standard, acquires data based on the data acquisition standard, encrypts the data and sends the data to the second enterprise.
The data sharing exchange platform of each enterprise is provided with a symmetric key and an asymmetric key pair, wherein the asymmetric key pair comprises a public key and a private key;
after receiving the encrypted data of the first enterprise, the front-end processor of the second enterprise decrypts the encrypted data through the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task, and the method comprises the following steps:
the data sharing exchange platform of the second enterprise decrypts the first data in the encrypted data through a private key of the second enterprise to obtain a symmetric key of the data sharing exchange platform of the first enterprise;
and the data sharing exchange platform of the second enterprise decrypts the second data in the encrypted data through the symmetric key to obtain the data acquired by the second enterprise based on the data acquisition task.
Fig. 4 is a schematic diagram of an encryption process provided in an embodiment of the present invention. As shown in fig. 4, in actual application the data sharing exchange platform of each enterprise generates its own symmetric key (an SM4 key file), receives the public key (SM2 public key) sent by the second enterprise, encrypts the source data with the symmetric key, encrypts the symmetric key with the public key, and then sends the encrypted source data to the other enterprise.
It will be appreciated that in embodiments of the present invention the encryption process may be applied to any phase of the communication between enterprises, such as the phase in which the second enterprise sends the data acquisition task to the first enterprise, or the phase in which the first enterprise sends the acquired data to the second enterprise.
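A worked example of the two-part envelope described in fig. 4 and in steps S301 to S302, added here and not part of the patent or of any Inspur product: the Go standard library has no SM2/SM4, so RSA-OAEP stands in for the SM2 wrapping of the symmetric key and AES-GCM for the SM4 encryption of the data. The Envelope, Seal, Open and Exchange names are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is the package the first enterprise sends: the "first data" (symmetric
// key wrapped with the receiver's public key) and the "second data" (payload).
type Envelope struct {
	WrappedKey []byte // symmetric key encrypted with the receiver's public key
	Nonce      []byte // AES-GCM nonce; stands in for the SM4 IV
	Ciphertext []byte // payload encrypted with the symmetric key, GCM tag appended
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the sender side of Fig. 4: generate a fresh symmetric key, encrypt the
// payload with it, encrypt that key with the receiver's public key, and package
// both together. AES-GCM and RSA-OAEP stand in for SM4 and SM2.
func Seal(receiverPub *rsa.PublicKey, payload []byte) (*Envelope, error) {
	symKey := make([]byte, 16) // 128-bit key, the same size as an SM4 key
	if _, err := rand.Read(symKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(symKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, symKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, payload, nil)}, nil
}

// Open is the receiver side (S302): unwrap the symmetric key with the receiver's
// private key, then decrypt the payload. GCM's tag makes any modification of the
// ciphertext fail here instead of yielding garbage.
func Open(receiverPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	symKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap symmetric key: %w", err)
	}
	gcm, err := newGCM(symKey)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("payload authentication failed: %w", err)
	}
	return pt, nil
}

// Exchange runs one round: the second enterprise's platform holds the key pair,
// the first enterprise seals a payload to its public key, the second opens it,
// and a one-byte change to the ciphertext is shown to be rejected.
func Exchange(payload []byte) (recovered []byte, tamperRejected bool, err error) {
	second, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, false, err
	}
	env, err := Seal(&second.PublicKey, payload)
	if err != nil {
		return nil, false, err
	}
	if recovered, err = Open(second, env); err != nil {
		return nil, false, err
	}
	tampered := &Envelope{WrappedKey: env.WrappedKey, Nonce: env.Nonce,
		Ciphertext: append([]byte(nil), env.Ciphertext...)}
	tampered.Ciphertext[0] ^= 0x01
	_, err = Open(second, tampered)
	return recovered, err != nil, nil
}

func main() {
	pt, rejected, err := Exchange([]byte("constructed source data from the first enterprise"))
	fmt.Printf("recovered=%q tamperRejected=%v err=%v\n", pt, rejected, err)
}
```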
The embodiments in this specification are described in a progressive manner; the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on its differences from the others. In particular, since the system embodiment is substantially similar to the method embodiment, its description is relatively brief, and for relevant points reference may be made to the corresponding description of the method embodiment.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the application.

Claims (4)

1. A data transmission method based on DMZ zone is characterized in that each enterprise is correspondingly provided with an application program, a data sharing exchange platform and a front-end processor, wherein the application program is used for managing data in the enterprise, each data sharing exchange platform is arranged in the DMZ zone of each enterprise, each front-end processor is arranged in the same network environment, each enterprise at least comprises a first enterprise and a second enterprise, and the method comprises the following steps:
responding to a data acquisition task sent by a second enterprise and received by the front-end processor, an application program of a first enterprise acquires source data based on data acquisition standards in the data acquisition task and sends the source data to the data sharing exchange platform;
the data sharing exchange platform of the first enterprise encrypts the source data after processing the source data based on the acquired data standard, and sends the encrypted data to the second enterprise through the front-end processor;
the step in which the application program of the first enterprise responds to the data acquisition task received by the front-end processor and sent by the second enterprise comprises the following steps:
after receiving data acquisition tasks sent by other enterprises, the front-end processor of the first enterprise sends the data acquisition tasks to the first enterprise data sharing exchange platform;
the data sharing exchange platform of the first enterprise decrypts the acquired data task to obtain the acquired data standard;
the data sharing exchange platform of the first enterprise sends the acquired data standard to the application program, so that the application program obtains source data according to the acquired data standard;
the source data includes structured data and unstructured data, and acquiring the source data based on the data acquisition standard in the data acquisition task and sending the source data to the data sharing exchange platform includes:
the application program of the first enterprise respectively acquires structured data and unstructured data according to the acquired data standard and respectively sends the structured data and the unstructured data to the data sharing exchange platform;
the application program of the first enterprise packages the structured data into a DB file database, packages and names the unstructured data according to a preset format, and sends the packaged data to the data sharing exchange platform of the first enterprise;
packing the unstructured data in a form of a single data packet under the condition that the size of the unstructured data is larger than a preset value;
packing the unstructured data into an unstructured data packet under the condition that the size of the unstructured data is smaller than the preset value;
the data sharing exchange platform of the first enterprise encrypts data after processing the source data based on the collected data standard, and sends the encrypted data to the second enterprise through the front-end processor, including:
the data sharing exchange platform of the first enterprise encrypts the data with its own symmetric key, encrypts that symmetric key with the public key of the data sharing exchange platform of the second enterprise, packages the two encrypted parts together, and sends the package to the second enterprise through the front-end processor.
2. The method of claim 1, wherein the data sharing exchange platform of the first enterprise performs data encryption after performing data processing on the source data based on the collected data standard, and sends the encrypted data to the second enterprise through the front-end processor, comprising:
the data sharing exchange platform of the first enterprise extracts the source data based on the acquired data standard, packages and encrypts the extracted source data, and sends the encrypted data to the second enterprise through the front-end processor of the first enterprise.
3. A data transmission method based on a DMZ zone, characterized in that each enterprise is correspondingly provided with an application program, a data sharing exchange platform and a front-end processor, wherein the application program is used for managing data inside the enterprise, each data sharing exchange platform is arranged in the DMZ zone of its own enterprise, all front-end processors are arranged in the same network environment, the enterprises comprise at least a first enterprise and a second enterprise, and the method comprises the following steps:
a data sharing exchange platform of the second enterprise generates a data acquisition task and sends it to the first enterprise through a front-end processor, so that the first enterprise acquires data based on the data acquisition task, encrypts the data and sends the encrypted data to the second enterprise;
after receiving the encrypted data of the first enterprise, the front-end processor of the second enterprise decrypts the encrypted data through the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task;
wherein the data sharing exchange platform of the second enterprise generating a data acquisition task and sending it to the first enterprise through a front-end processor, so that the first enterprise acquires data based on the data acquisition task, encrypts the data and sends it to the second enterprise, comprises the following steps:
the data sharing exchange platform of the second enterprise generates a data acquisition standard and encrypts the data acquisition standard to obtain the data acquisition task;
the front-end processor of the second enterprise sends the data acquisition task to the first enterprise, so that the first enterprise decrypts the data acquisition task to obtain the data acquisition standard, acquires data based on the data acquisition standard, encrypts the data and sends it to the second enterprise;
the data acquisition task is used for acquiring source data, and the source data comprises structured data and unstructured data;
wherein the first enterprise acquiring source data based on the data acquisition standard in the data acquisition task and sending the source data to its data sharing exchange platform comprises the following steps:
the application program of the first enterprise acquires structured data and unstructured data respectively according to the data acquisition standard, and sends the structured data and the unstructured data respectively to the data sharing exchange platform;
the application program of the first enterprise places the structured data into a DB file database for packaging, packages and names the unstructured data according to a preset format, and sends the packaged data to the data sharing exchange platform of the first enterprise;
when the size of the unstructured data is larger than a preset value, packing the unstructured data as a single data packet;
when the size of the unstructured data is smaller than the preset value, packing the unstructured data into an unstructured data packet;
the data sharing exchange platform of each enterprise is provided with a symmetric key and an asymmetric key pair, the asymmetric key pair comprising a public key and a private key;
wherein, after receiving the encrypted data of the first enterprise, the front-end processor of the second enterprise decrypting the encrypted data through the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task, comprises:
the data sharing exchange platform of the second enterprise decrypts the first data in the encrypted data with the private key of the second enterprise to obtain the symmetric key of the data sharing exchange platform of the first enterprise;
the data sharing exchange platform of the second enterprise decrypts the second data in the encrypted data with that symmetric key to obtain the data acquired by the second enterprise based on the data acquisition task.
4. A data transmission system based on a DMZ zone, characterized in that each enterprise in the system is correspondingly provided with an application program, a data sharing exchange platform and a front-end processor, wherein the application program is used for managing data inside the enterprise, each data sharing exchange platform is arranged in the DMZ zone of its own enterprise, all front-end processors are arranged in the same network environment, and the enterprises comprise at least a first enterprise and a second enterprise, wherein:
the application program of the first enterprise is used for, in response to a data acquisition task sent by the second enterprise and received by the front-end processor, acquiring source data based on the data acquisition standard in the data acquisition task and sending the source data to the data sharing exchange platform;
the data sharing exchange platform of the first enterprise is used for performing data encryption after performing data processing on the source data based on the data acquisition standard, and sending the encrypted data to the second enterprise through the front-end processor;
after receiving a data acquisition task sent by another enterprise, the front-end processor of the first enterprise sends the data acquisition task to the data sharing exchange platform of the first enterprise;
the data sharing exchange platform of the first enterprise decrypts the data acquisition task to obtain the data acquisition standard;
the data sharing exchange platform of the first enterprise sends the data acquisition standard to the application program, so that the application program obtains source data according to the data acquisition standard; the source data comprises structured data and unstructured data;
the application program of the first enterprise acquires structured data and unstructured data respectively according to the data acquisition standard and sends them respectively to the data sharing exchange platform;
the application program of the first enterprise packages the structured data in a DB file database, packages and names the unstructured data according to a preset format, and sends the packaged data to the data sharing exchange platform of the first enterprise;
when the size of the unstructured data is larger than a preset value, packing the unstructured data as a single data packet;
when the size of the unstructured data is smaller than the preset value, packing the unstructured data into an unstructured data packet;
the data sharing exchange platform of the first enterprise encrypts the data with its own symmetric key, encrypts that symmetric key with the public key of the data sharing exchange platform of the second enterprise, packages the encrypted data and the encrypted symmetric key together, and sends the package to the second enterprise through the front-end processor;
the data sharing exchange platform of the second enterprise is used for generating a data acquisition task and sending it to the first enterprise through a front-end processor, so that the first enterprise acquires data based on the data acquisition task, encrypts the data and sends the encrypted data to the second enterprise; the front-end processor of the second enterprise is used for, after receiving the encrypted data of the first enterprise, decrypting the encrypted data through the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task;
the data sharing exchange platform of the second enterprise generates a data acquisition standard and encrypts the data acquisition standard to obtain the data acquisition task;
the front-end processor of the second enterprise sends the data acquisition task to the first enterprise, so that the first enterprise decrypts the data acquisition task to obtain the data acquisition standard, acquires data based on the data acquisition standard, encrypts the data and sends it to the second enterprise;
the data sharing exchange platform of each enterprise is provided with a symmetric key and an asymmetric key pair, the asymmetric key pair comprising a public key and a private key;
the data sharing exchange platform of the second enterprise decrypts the first data in the encrypted data with the private key of the second enterprise to obtain the symmetric key of the data sharing exchange platform of the first enterprise;
the data sharing exchange platform of the second enterprise decrypts the second data in the encrypted data with that symmetric key to obtain the data acquired by the second enterprise based on the data acquisition task.
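The hybrid encryption that claims 1, 3 and 4 describe (the platform's symmetric key encrypts the packaged data, the second enterprise's public key wraps that symmetric key, and the two parts travel together as the "first data" and "second data"), as an added Go example that is not part of the patent. The patent names no algorithms; RSA-OAEP for the key wrap, AES-256-GCM for the payload, the Envelope type and the function names are this example's own assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope is the package the first enterprise's platform hands to its front-end processor.
type Envelope struct {
	WrappedKey []byte // "first data": RSA-OAEP(second enterprise public key, symmetric key)
	Nonce      []byte // AES-GCM nonce, fresh per message because the platform key is reused
	Payload    []byte // "second data": AES-GCM(symmetric key, packaged source data)
}

func NewPlatformKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // each platform's asymmetric key pair (assumed RSA-2048)
// newGCM returns an AES-256-GCM AEAD for the platform's 32-byte symmetric key.
func newGCM(symKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(symKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal: encrypt data under the platform symmetric key, wrap that key with the recipient's public key, package both.
func Seal(recipientPub *rsa.PublicKey, symKey, data []byte) (*Envelope, error) {
	gcm, err := newGCM(symKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, symKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Payload: gcm.Seal(nil, nonce, data, nil)}, nil
}

// Open: the private key unwraps the symmetric key (first data), which decrypts the second data; a tampered payload fails the GCM tag.
func Open(recipientPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	symKey, err := rsa.DecryptOAEP(sha256.New(), nil, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(symKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Payload, nil)
}
```

Only the recipient's public key is involved, so the receiving platform gets confidentiality and integrity of the payload but no proof of which enterprise produced the envelope unless a signature or an authenticated transport between the front-end processors is added.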
CN202011139340.4A 2020-10-22 2020-10-22 Data transmission method and system based on DMZ zone Active CN112422510B (en)

Publications (2)

Publication Number Publication Date
CN112422510A CN112422510A (en) 2021-02-26
CN112422510B true CN112422510B (en) 2023-01-20


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230307

Address after: 250101 Inspur science and Technology Park, 1036 Inspur Road, hi tech Zone, Jinan City, Shandong Province

Patentee after: Inspur Genersoft Co.,Ltd.

Address before: 250101 Inspur science and Technology Park, 1036 Inspur Road, hi tech Zone, Jinan City, Shandong Province

Patentee before: SHANDONG INSPUR GENESOFT INFORMATION TECHNOLOGY Co.,Ltd.